ADC | 11.1 | intermittent LDAPS authentication failure while accessing NetScaler management console


Article ID: CTX241229


Description

The LDAP admin bind DN request fails because the LDAP server times out; aaad.debug shows the following sequence of messages.

AAAD log snippet:
================
 
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[872]: ns_ldap_set_up_socket setting up for SSL connection to : XX.XX.XX.XX:636
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[3658]: register_timer setting timer 9303
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_drv.c[188]: receive_ldap_bind_event receive ldap bind event               >>>>>>>>>> Admin bind DN request was sent at 22:54:16
 
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[371]: ns_ldap_check_result checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[375]: ns_ldap_check_result Got result 0.  Non-event, continuing
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_drv.c[212]: receive_ldap_bind_event Noop
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_drv.c[188]: receive_ldap_bind_event receive ldap bind event
 
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[371]: ns_ldap_check_result checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[375]: ns_ldap_check_result Got result 0.  Non-event, continuing
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_drv.c[212]: receive_ldap_bind_event Noop
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[575]: main timer 9303 firing...
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[3727]: unregister_timer releasing timer 9303
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[191]: ns_ldap_timeout_handler ldap server time out, sending error  >>>>> LDAP server timeout occurred at 22:54:26 (i.e. 10 secs after the bind request)
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[2915]: send_reject_with_code Not trying cascade again
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[2917]: send_reject_with_code sending reject to kernel for : <username>
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[2921]: send_reject_with_code Rejecting with error code 4003
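
The annotations in the snippet above correlate the bind request with the timeout handler by hand. As an added example (not from the article or from Citrix), the Python below parses an aaad.debug excerpt in that format, pairs each timestamp line with the message that follows it, and reports how long each admin bind waited before ns_ldap_timeout_handler fired and which reject code was sent; the sample lines are constructed from the snippet above and contain no server address.

```python
import re
from datetime import datetime

# Constructed aaad.debug excerpt modelled on the article's snippet.
SAMPLE_LOG = """Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[3658]: register_timer setting timer 9303
Sun Dec 16 22:54:16 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_drv.c[188]: receive_ldap_bind_event receive ldap bind event
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[575]: main timer 9303 firing...
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/ldap_common.c[191]: ns_ldap_timeout_handler ldap server time out, sending error
Sun Dec 16 22:54:26 2018
/home/build/rs_111_56_9_RTM/usr.src/netscaler/aaad/naaad.c[2921]: send_reject_with_code Rejecting with error code 4003
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"
# "<source file>[<line>]: <function> <message>"
MSG_RE = re.compile(r"^\S+\[\d+\]: (?P<func>\S+) (?P<msg>.*)$")


def parse_events(text):
    """Pair each timestamp line with the source-file line that follows it."""
    events, ts = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = MSG_RE.match(line)
        if m is None:
            try:
                ts = datetime.strptime(line, TS_FMT)   # a bare timestamp line
            except ValueError:
                continue                               # neither form: skip it
        elif ts is not None:
            events.append((ts, m.group("func"), m.group("msg")))
    return events


def find_ldap_timeouts(text):
    """One record per LDAP timeout: seconds from the bind request to
    ns_ldap_timeout_handler, plus the reject code sent to the kernel."""
    bind_at, findings = None, []
    for ts, func, msg in parse_events(text):
        if func == "receive_ldap_bind_event" and bind_at is None:
            bind_at = ts                       # first bind event starts the clock
        elif func == "ns_ldap_timeout_handler" and bind_at is not None:
            findings.append({"bind_sent": bind_at, "timed_out": ts,
                             "elapsed_s": (ts - bind_at).total_seconds(),
                             "reject_code": None})
            bind_at = None
        elif func == "send_reject_with_code" and findings:
            code = re.search(r"error code (\d+)", msg)
            if code and findings[-1]["reject_code"] is None:
                findings[-1]["reject_code"] = int(code.group(1))
    return findings
```

Run it against a real aaad.debug capture (`cat aaad.debug` on the appliance) to see whether the elapsed value clusters at the timer value, which is the signature of the blocking described in this article rather than a credential problem.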
 

Resolution

To offload SSL processing from AAAD, configure LDAPS authentication through a load balancing vserver using the steps below:

Steps to configure LDAPS through Load balancing server: 
=============================================== 

1) Configure a load balancing vserver with protocol type TCP and port number 636.

2) Configure the actual LDAPS server as a load balancing service with protocol type SSL_TCP and port number 1636 or 636.

3) Bind the LDAPS load balancing service to the load balancing vserver configured in step 1.

4) Go to Configuration tab > Authentication > LDAP, select the LDAPS server and click Edit. Replace the LDAPS server IP address with the IP address of the load balancing vserver configured in step 1 and set the Type to PLAIN TEXT instead of SSL, keeping the port number as 636.

Problem Cause

If the LDAPS server responds with a delay, or the SSL handshake between NetScaler and the LDAPS server takes too long, the AAAD process enters a blocking state, which affects the authentication process.